@sphereon/ssi-sdk.oid4vci-holder 0.33.1-feature.vcdm2.tsup.31 → 0.33.1-next.2

package/dist/machines/oid4vciMachine.js

@@ -0,0 +1,727 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OID4VCIMachine = void 0;
+const oid4vci_common_1 = require("@sphereon/oid4vci-common");
+const xstate_1 = require("xstate");
+const Localization_1 = require("../localization/Localization");
+const IOID4VCIHolder_1 = require("../types/IOID4VCIHolder");
+const FirstPartyMachine_1 = require("../types/FirstPartyMachine");
+const oid4vciHasNoContactGuard = (_ctx, _event) => {
+    const { contact } = _ctx;
+    return contact === undefined;
+};
+const oid4vciHasContactGuard = (_ctx, _event) => {
+    const { contact } = _ctx;
+    return contact !== undefined;
+};
+const oid4vciContactHasLowTrustGuard = (_ctx, _event) => {
+    const { contact, trustedAnchors } = _ctx;
+    return contact !== undefined && trustedAnchors !== undefined && trustedAnchors.length === 0;
+};
+const oid4vciCredentialsToSelectRequiredGuard = (_ctx, _event) => {
+    const { credentialToSelectFrom } = _ctx;
+    return credentialToSelectFrom && credentialToSelectFrom.length > 1;
+};
+const oid4vciRequirePinGuard = (_ctx, _event) => {
+    var _a;
+    const { requestData } = _ctx;
+    return ((_a = requestData === null || requestData === void 0 ? void 0 : requestData.credentialOffer) === null || _a === void 0 ? void 0 : _a.userPinRequired) === true;
+};
+const oid4vciHasNoContactIdentityGuard = (_ctx, _event) => {
+    const { contact, credentialsToAccept } = _ctx;
+    let toAcceptId = credentialsToAccept[0].correlationId;
+    if (toAcceptId.match(/^https?:\/\/.*/)) {
+        toAcceptId = new URL(toAcceptId).hostname;
+    }
+    return !(contact === null || contact === void 0 ? void 0 : contact.identities.some((identity) => identity.identifier.correlationId === toAcceptId));
+};
+const oid4vciVerificationCodeGuard = (_ctx, _event) => {
+    const { verificationCode } = _ctx;
+    return verificationCode !== undefined && verificationCode.length > 0;
+};
+const oid4vciCreateContactGuard = (_ctx, _event) => {
+    const { contactAlias, hasContactConsent } = _ctx;
+    return hasContactConsent && !!contactAlias && contactAlias.length > 0;
+};
+const oid4vciHasSelectedCredentialsGuard = (_ctx, _event) => {
+    const { selectedCredentials } = _ctx;
+    return selectedCredentials !== undefined && selectedCredentials.length > 0;
+};
+const oid4vciIsOIDFOriginGuard = (_ctx, _event) => {
+    // TODO in the future we need to establish if a origin is a IDF origin. So we need to check if this metadata is on the well-known location
+    const { trustAnchors } = _ctx;
+    return trustAnchors.length > 0;
+};
+const oid4vciNoAuthorizationGuard = (ctx, _event) => {
+    return !oid4vciHasAuthorizationResponse(ctx, _event);
+};
+// FIXME refactor this guard
+const oid4vciRequireAuthorizationGuard = (ctx, _event) => {
+    var _a, _b, _c, _d, _e, _f, _g, _h, _j;
+    const { openID4VCIClientState } = ctx;
+    if (!openID4VCIClientState) {
+        throw Error('Missing openID4VCI client state in context');
+    }
+    if (!openID4VCIClientState.authorizationURL) {
+        return false;
+    }
+    else if (openID4VCIClientState.authorizationRequestOpts) {
+        // We have authz options or there is not credential offer to begin with.
+        // We require authz as long as we do not have the authz code response
+        return !((_a = ctx.openID4VCIClientState) === null || _a === void 0 ? void 0 : _a.authorizationCodeResponse);
+    }
+    else if ((_c = (_b = openID4VCIClientState.credentialOffer) === null || _b === void 0 ? void 0 : _b.supportedFlows) === null || _c === void 0 ? void 0 : _c.includes(oid4vci_common_1.AuthzFlowType.AUTHORIZATION_CODE_FLOW)) {
+        return !((_d = ctx.openID4VCIClientState) === null || _d === void 0 ? void 0 : _d.authorizationCodeResponse);
+    }
+    else if ((_f = (_e = openID4VCIClientState.credentialOffer) === null || _e === void 0 ? void 0 : _e.supportedFlows) === null || _f === void 0 ? void 0 : _f.includes(oid4vci_common_1.AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
+        return false;
+    }
+    else if ((_h = (_g = openID4VCIClientState.endpointMetadata) === null || _g === void 0 ? void 0 : _g.credentialIssuerMetadata) === null || _h === void 0 ? void 0 : _h.authorization_endpoint) {
+        return !((_j = ctx.openID4VCIClientState) === null || _j === void 0 ? void 0 : _j.authorizationCodeResponse);
+    }
+    return false;
+};
+const oid4vciHasAuthorizationResponse = (ctx, _event) => {
+    var _a;
+    return !!((_a = ctx.openID4VCIClientState) === null || _a === void 0 ? void 0 : _a.authorizationCodeResponse);
+};
+const oid4vciIsFirstPartyApplication = (ctx, _event) => {
+    var _a;
+    return !!((_a = ctx.serverMetadata) === null || _a === void 0 ? void 0 : _a.authorization_challenge_endpoint);
+};
+const createOID4VCIMachine = (opts) => {
+    var _a, _b;
+    const initialContext = {
+        // TODO WAL-671 we need to store the data from OpenIdProvider here in the context and make sure we can restart the machine with it and init the OpenIdProvider
+        accessTokenOpts: opts === null || opts === void 0 ? void 0 : opts.accessTokenOpts,
+        requestData: opts === null || opts === void 0 ? void 0 : opts.requestData,
+        trustAnchors: (_a = opts === null || opts === void 0 ? void 0 : opts.trustAnchors) !== null && _a !== void 0 ? _a : [],
+        issuanceOpt: opts === null || opts === void 0 ? void 0 : opts.issuanceOpt,
+        didMethodPreferences: opts === null || opts === void 0 ? void 0 : opts.didMethodPreferences,
+        locale: opts === null || opts === void 0 ? void 0 : opts.locale,
+        credentialsSupported: {},
+        credentialToSelectFrom: [],
+        selectedCredentials: [],
+        credentialsToAccept: [],
+        hasContactConsent: true,
+        contactAlias: '',
+    };
+    return (0, xstate_1.createMachine)({
+        id: (_b = opts === null || opts === void 0 ? void 0 : opts.machineName) !== null && _b !== void 0 ? _b : 'OID4VCIHolder',
+        predictableActionArguments: true,
+        initial: IOID4VCIHolder_1.OID4VCIMachineStates.start,
+        schema: {
+            events: {},
+            guards: {},
+            services: {},
+        },
+        context: initialContext,
+        states: {
+            [IOID4VCIHolder_1.OID4VCIMachineStates.start]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.start,
+                invoke: {
+                    src: IOID4VCIHolder_1.OID4VCIMachineServices.start,
+                    onDone: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.createCredentialsToSelectFrom,
+                        actions: (0, xstate_1.assign)({
+                            authorizationCodeURL: (_ctx, _event) => _event.data.authorizationCodeURL,
+                            credentialBranding: (_ctx, _event) => { var _a; return (_a = _event.data.credentialBranding) !== null && _a !== void 0 ? _a : {}; },
+                            credentialsSupported: (_ctx, _event) => _event.data.credentialsSupported,
+                            serverMetadata: (_ctx, _event) => _event.data.serverMetadata,
+                            openID4VCIClientState: (_ctx, _event) => _event.data.oid4vciClientState,
+                        }),
+                    },
+                    onError: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.handleError,
+                        actions: (0, xstate_1.assign)({
+                            error: (_ctx, _event) => ({
+                                title: (0, Localization_1.translate)('oid4vci_machine_initiation_error_title'),
+                                message: _event.data.message,
+                                stack: _event.data.stack,
+                            }),
+                        }),
+                    },
+                },
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.createCredentialsToSelectFrom]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.createCredentialsToSelectFrom,
+                invoke: {
+                    src: IOID4VCIHolder_1.OID4VCIMachineServices.createCredentialsToSelectFrom,
+                    onDone: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.getContact,
+                        actions: (0, xstate_1.assign)({
+                            credentialToSelectFrom: (_ctx, _event) => _event.data,
+                        }),
+                        // TODO WAL-670 would be nice if we can have guard that checks if we have at least 1 item in the selection. not sure if this can occur but it would be more defensive.
+                        // Still cannot find a nice way to do this inside of an invoke besides adding another transition state
+                    },
+                    onError: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.handleError,
+                        actions: (0, xstate_1.assign)({
+                            error: (_ctx, _event) => ({
+                                title: (0, Localization_1.translate)('oid4vci_machine_credential_selection_error_title'),
+                                message: _event.data.message,
+                                stack: _event.data.stack,
+                            }),
+                        }),
+                    },
+                },
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.getContact]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.getContact,
+                invoke: {
+                    src: IOID4VCIHolder_1.OID4VCIMachineServices.getContact,
+                    onDone: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.getIssuerBranding,
+                        actions: (0, xstate_1.assign)({ contact: (_ctx, _event) => _event.data }),
+                    },
+                    onError: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.handleError,
+                        actions: (0, xstate_1.assign)({
+                            error: (_ctx, _event) => ({
+                                title: (0, Localization_1.translate)('oid4vci_machine_retrieve_contact_error_title'),
+                                message: _event.data.message,
+                                stack: _event.data.stack,
+                            }),
+                        }),
+                    },
+                },
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.getIssuerBranding]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.getIssuerBranding,
+                invoke: {
+                    src: IOID4VCIHolder_1.OID4VCIMachineServices.getIssuerBranding,
+                    onDone: [
+                        {
+                            target: IOID4VCIHolder_1.OID4VCIMachineStates.getFederationTrust,
+                            cond: IOID4VCIHolder_1.OID4VCIMachineGuards.isOIDFOriginGuard,
+                            actions: (0, xstate_1.assign)({
+                                issuerBranding: (_ctx, _event) => _event.data,
+                            }),
+                        },
+                        {
+                            target: IOID4VCIHolder_1.OID4VCIMachineStates.transitionFromSetup,
+                            actions: (0, xstate_1.assign)({
+                                issuerBranding: (_ctx, _event) => _event.data,
+                            }),
+                        },
+                    ],
+                    onError: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.handleError,
+                        actions: (0, xstate_1.assign)({
+                            error: (_ctx, _event) => ({
+                                title: (0, Localization_1.translate)('oid4vci_machine_retrieve_issuer_branding_error_title'),
+                                message: _event.data.message,
+                                stack: _event.data.stack,
+                            }),
+                        }),
+                    },
+                },
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.getFederationTrust]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.getFederationTrust,
+                invoke: {
+                    src: IOID4VCIHolder_1.OID4VCIMachineServices.getFederationTrust,
+                    onDone: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.transitionFromSetup,
+                        actions: (0, xstate_1.assign)({
+                            trustedAnchors: (_ctx, _event) => _event.data,
+                        }),
+                    },
+                    onError: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.handleError,
+                        actions: (0, xstate_1.assign)({
+                            error: (_ctx, _event) => ({
+                                title: (0, Localization_1.translate)('oid4vci_machine_retrieve_federation_trust_error_title'),
+                                message: _event.data.message,
+                                stack: _event.data.stack,
+                            }),
+                        }),
+                    },
+                },
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.transitionFromSetup]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.transitionFromSetup,
+                always: [
+                    {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.addContact,
+                        cond: IOID4VCIHolder_1.OID4VCIMachineGuards.hasNoContactGuard,
+                    },
+                    {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.reviewContact,
+                        cond: IOID4VCIHolder_1.OID4VCIMachineGuards.contactHasLowTrustGuard,
+                    },
+                    {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.selectCredentials,
+                        cond: IOID4VCIHolder_1.OID4VCIMachineGuards.credentialsToSelectRequiredGuard,
+                    },
+                    {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.startFirstPartApplicationFlow,
+                        cond: IOID4VCIHolder_1.OID4VCIMachineGuards.isFirstPartyApplication,
+                    },
+                    {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.initiateAuthorizationRequest,
+                        cond: IOID4VCIHolder_1.OID4VCIMachineGuards.requireAuthorizationGuard,
+                    },
+                    {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.verifyPin,
+                        cond: IOID4VCIHolder_1.OID4VCIMachineGuards.requirePinGuard,
+                    },
+                    {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.getCredentials,
+                    },
+                ],
+                on: {
+                    [IOID4VCIHolder_1.OID4VCIMachineEvents.SET_AUTHORIZATION_CODE_URL]: {
+                        actions: (0, xstate_1.assign)({ authorizationCodeURL: (_ctx, _event) => _event.data }),
+                    },
+                },
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.addContact]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.addContact,
+                initial: IOID4VCIHolder_1.OID4VCIMachineAddContactStates.idle,
+                on: {
+                    [IOID4VCIHolder_1.OID4VCIMachineEvents.SET_CONTACT_CONSENT]: {
+                        actions: (0, xstate_1.assign)({ hasContactConsent: (_ctx, _event) => _event.data }),
+                    },
+                    [IOID4VCIHolder_1.OID4VCIMachineEvents.SET_CONTACT_ALIAS]: {
+                        actions: (0, xstate_1.assign)({ contactAlias: (_ctx, _event) => _event.data }),
+                    },
+                    [IOID4VCIHolder_1.OID4VCIMachineEvents.CREATE_CONTACT]: {
+                        target: `.${IOID4VCIHolder_1.OID4VCIMachineAddContactStates.next}`,
+                        actions: (0, xstate_1.assign)({ contact: (_ctx, _event) => _event.data }),
+                        cond: IOID4VCIHolder_1.OID4VCIMachineGuards.createContactGuard,
+                    },
+                    [IOID4VCIHolder_1.OID4VCIMachineEvents.DECLINE]: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.declined,
+                    },
+                    [IOID4VCIHolder_1.OID4VCIMachineEvents.PREVIOUS]: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.aborted,
+                    },
+                },
+                states: {
+                    [IOID4VCIHolder_1.OID4VCIMachineAddContactStates.idle]: {},
+                    [IOID4VCIHolder_1.OID4VCIMachineAddContactStates.next]: {
+                        always: {
+                            target: `#${IOID4VCIHolder_1.OID4VCIMachineStates.storeIssuerBranding}`,
+                            cond: IOID4VCIHolder_1.OID4VCIMachineGuards.hasContactGuard,
+                        },
+                    },
+                },
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.reviewContact]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.reviewContact,
+                on: {
+                    [IOID4VCIHolder_1.OID4VCIMachineEvents.NEXT]: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.transitionFromContactSetup,
+                    },
+                    [IOID4VCIHolder_1.OID4VCIMachineEvents.DECLINE]: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.declined,
+                    },
+                    [IOID4VCIHolder_1.OID4VCIMachineEvents.PREVIOUS]: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.aborted,
+                    },
+                },
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.storeIssuerBranding]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.storeIssuerBranding,
+                invoke: {
+                    src: IOID4VCIHolder_1.OID4VCIMachineServices.storeIssuerBranding,
+                    onDone: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.transitionFromContactSetup,
+                    },
+                    onError: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.handleError,
+                        actions: (0, xstate_1.assign)({
+                            error: (_ctx, _event) => ({
+                                title: (0, Localization_1.translate)('oid4vci_machine_store_issuer_branding_error_title'),
+                                message: _event.data.message,
+                                stack: _event.data.stack,
+                            }),
+                        }),
+                    },
+                },
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.transitionFromContactSetup]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.transitionFromContactSetup,
+                always: [
+                    {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.selectCredentials,
+                        cond: IOID4VCIHolder_1.OID4VCIMachineGuards.credentialsToSelectRequiredGuard,
+                    },
+                    {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.startFirstPartApplicationFlow,
+                        cond: IOID4VCIHolder_1.OID4VCIMachineGuards.isFirstPartyApplication,
+                    },
+                    {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.initiateAuthorizationRequest,
+                        cond: IOID4VCIHolder_1.OID4VCIMachineGuards.requireAuthorizationGuard,
+                    },
+                    {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.verifyPin,
+                        cond: IOID4VCIHolder_1.OID4VCIMachineGuards.requirePinGuard,
+                    },
+                    {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.getCredentials,
+                    },
+                ],
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.startFirstPartApplicationFlow]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.startFirstPartApplicationFlow,
+                invoke: {
+                    src: IOID4VCIHolder_1.OID4VCIMachineServices.startFirstPartApplicationFlow,
+                    onDone: [
+                        {
+                            target: IOID4VCIHolder_1.OID4VCIMachineStates.aborted,
+                            cond: (_ctx, _event) => _event.data === FirstPartyMachine_1.FirstPartyMachineStateTypes.aborted,
+                        },
+                        {
+                            target: IOID4VCIHolder_1.OID4VCIMachineStates.declined,
+                            cond: (_ctx, _event) => _event.data === FirstPartyMachine_1.FirstPartyMachineStateTypes.declined,
+                        },
+                        {
+                            target: IOID4VCIHolder_1.OID4VCIMachineStates.getCredentials,
+                            actions: (0, xstate_1.assign)({
+                                openID4VCIClientState: (_ctx, _event) => {
+                                    const authorizationCodeResponse = (0, oid4vci_common_1.toAuthorizationResponsePayload)(_event.data);
+                                    return Object.assign(Object.assign({}, _ctx.openID4VCIClientState), { authorizationCodeResponse });
+                                },
+                            }),
+                        },
+                    ],
+                    onError: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.handleError,
+                        actions: (0, xstate_1.assign)({
+                            error: (_ctx, _event) => {
+                                var _a;
+                                return ({
+                                    title: (_a = _event.data.title) !== null && _a !== void 0 ? _a : (0, Localization_1.translate)('oid4vci_machine_first_party_error_title'),
+                                    message: _event.data.message,
+                                    stack: _event.data.stack,
+                                });
+                            },
+                        }),
+                    },
+                },
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.selectCredentials]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.selectCredentials,
+                on: {
+                    [IOID4VCIHolder_1.OID4VCIMachineEvents.SET_SELECTED_CREDENTIALS]: {
+                        actions: (0, xstate_1.assign)({ selectedCredentials: (_ctx, _event) => _event.data }),
+                    },
+                    [IOID4VCIHolder_1.OID4VCIMachineEvents.NEXT]: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.transitionFromSelectingCredentials,
+                        cond: IOID4VCIHolder_1.OID4VCIMachineGuards.hasSelectedCredentialsGuard,
+                    },
+                    [IOID4VCIHolder_1.OID4VCIMachineEvents.PREVIOUS]: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.aborted,
+                    },
+                },
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.transitionFromSelectingCredentials]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.transitionFromSelectingCredentials,
+                always: [
+                    {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.startFirstPartApplicationFlow,
+                        cond: IOID4VCIHolder_1.OID4VCIMachineGuards.isFirstPartyApplication,
+                    },
+                    {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.verifyPin,
+                        cond: IOID4VCIHolder_1.OID4VCIMachineGuards.requirePinGuard,
+                    },
+                    {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.initiateAuthorizationRequest,
+                        cond: IOID4VCIHolder_1.OID4VCIMachineGuards.requireAuthorizationGuard,
+                    },
+                    {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.getCredentials,
+                    },
+                ],
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.initiateAuthorizationRequest]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.initiateAuthorizationRequest,
+                on: {
+                    [IOID4VCIHolder_1.OID4VCIMachineEvents.PREVIOUS]: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.selectCredentials,
+                    },
+                    [IOID4VCIHolder_1.OID4VCIMachineEvents.INVOKED_AUTHORIZATION_CODE_REQUEST]: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.waitForAuthorizationResponse,
+                    },
+                },
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.waitForAuthorizationResponse]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.waitForAuthorizationResponse,
+                on: {
+                    [IOID4VCIHolder_1.OID4VCIMachineEvents.PREVIOUS]: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.initiateAuthorizationRequest,
+                    },
+                    [IOID4VCIHolder_1.OID4VCIMachineEvents.PROVIDE_AUTHORIZATION_CODE_RESPONSE]: {
+                        actions: (0, xstate_1.assign)({
+                            openID4VCIClientState: (_ctx, _event) => {
+                                const authorizationCodeResponse = (0, oid4vci_common_1.toAuthorizationResponsePayload)(_event.data);
+                                return Object.assign(Object.assign({}, _ctx.openID4VCIClientState), { authorizationCodeResponse });
+                            },
+                        }),
+                    },
+                },
+                always: [
+                    {
+                        cond: IOID4VCIHolder_1.OID4VCIMachineGuards.hasAuthorizationResponse,
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.getCredentials,
+                    },
+                ],
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.verifyPin]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.verifyPin,
+                initial: IOID4VCIHolder_1.OID4VCIMachineVerifyPinStates.idle,
+                on: {
+                    [IOID4VCIHolder_1.OID4VCIMachineEvents.SET_VERIFICATION_CODE]: {
+                        target: `.${IOID4VCIHolder_1.OID4VCIMachineVerifyPinStates.next}`,
+                        actions: (0, xstate_1.assign)({ verificationCode: (_ctx, _event) => _event.data }),
+                    },
+                    [IOID4VCIHolder_1.OID4VCIMachineEvents.PREVIOUS]: [
+                        {
+                            target: IOID4VCIHolder_1.OID4VCIMachineStates.selectCredentials,
+                            cond: IOID4VCIHolder_1.OID4VCIMachineGuards.credentialsToSelectRequiredGuard,
+                        },
+                        {
+                            target: IOID4VCIHolder_1.OID4VCIMachineStates.aborted,
+                        },
+                    ],
+                },
+                states: {
+                    [IOID4VCIHolder_1.OID4VCIMachineVerifyPinStates.idle]: {},
+                    [IOID4VCIHolder_1.OID4VCIMachineVerifyPinStates.next]: {
+                        always: {
+                            target: `#${IOID4VCIHolder_1.OID4VCIMachineStates.getCredentials}`,
+                            cond: IOID4VCIHolder_1.OID4VCIMachineGuards.verificationCodeGuard,
+                        },
+                    },
+                },
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.getCredentials]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.getCredentials,
+                invoke: {
+                    src: IOID4VCIHolder_1.OID4VCIMachineServices.getCredentials,
+                    onDone: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.verifyCredentials,
+                        actions: (0, xstate_1.assign)({
+                            credentialsToAccept: (_ctx, _event) => _event.data,
+                        }),
+                    },
+                    onError: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.handleError,
+                        actions: (0, xstate_1.assign)({
+                            error: (_ctx, _event) => ({
+                                title: (0, Localization_1.translate)('oid4vci_machine_retrieve_credentials_error_title'),
+                                message: _event.data.message,
+                                stack: _event.data.stack,
+                            }),
+                        }),
+                    },
+                },
+                exit: (0, xstate_1.assign)({ verificationCode: undefined }),
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.verifyCredentials]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.verifyCredentials,
+                invoke: {
+                    src: IOID4VCIHolder_1.OID4VCIMachineServices.assertValidCredentials,
+                    onDone: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.transitionFromWalletInput,
+                    },
+                    onError: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.handleError,
+                        actions: (0, xstate_1.assign)({
+                            error: (_ctx, _event) => ({
+                                title: (0, Localization_1.translate)('oid4vci_machine_verify_credentials_error_title'),
+                                message: _event.data.message,
+                                stack: _event.data.stack,
+                            }),
+                        }),
+                    },
+                },
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.transitionFromWalletInput]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.transitionFromWalletInput,
+                always: [
+                    {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.addContactIdentity,
+                        cond: IOID4VCIHolder_1.OID4VCIMachineGuards.hasNoContactIdentityGuard,
+                    },
+                    {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.reviewCredentials,
+                    },
+                ],
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.addContactIdentity]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.addContactIdentity,
+                invoke: {
+                    src: IOID4VCIHolder_1.OID4VCIMachineServices.addContactIdentity,
+                    onDone: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.addIssuerBrandingAfterIdentity,
+                        actions: (_ctx, _event) => {
+                            var _a;
+                            (_a = _ctx.contact) === null || _a === void 0 ? void 0 : _a.identities.push(_event.data);
+                        },
+                    },
+                    onError: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.handleError,
+                        actions: (0, xstate_1.assign)({
+                            error: (_ctx, _event) => ({
+                                title: (0, Localization_1.translate)('oid4vci_machine_add_contact_identity_error_title'),
+                                message: _event.data.message,
+                                stack: _event.data.stack,
+                            }),
+                        }),
+                    },
+                },
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.addIssuerBrandingAfterIdentity]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.addIssuerBrandingAfterIdentity,
+                invoke: {
+                    src: IOID4VCIHolder_1.OID4VCIMachineServices.storeIssuerBranding,
+                    onDone: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.reviewCredentials,
+                    },
+                    onError: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.handleError,
+                        actions: (0, xstate_1.assign)({
+                            error: (_ctx, _event) => ({
+                                title: (0, Localization_1.translate)('oid4vci_machine_store_issuer_branding_error_title'),
+                                message: _event.data.message,
+                                stack: _event.data.stack,
+                            }),
+                        }),
+                    },
+                },
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.reviewCredentials]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.reviewCredentials,
+                on: {
+                    [IOID4VCIHolder_1.OID4VCIMachineEvents.NEXT]: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.storeCredentialBranding,
+                    },
+                    [IOID4VCIHolder_1.OID4VCIMachineEvents.DECLINE]: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.declined,
+                    },
+                    [IOID4VCIHolder_1.OID4VCIMachineEvents.PREVIOUS]: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.aborted,
+                    },
+                },
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.storeCredentialBranding]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.storeCredentialBranding,
+                invoke: {
+                    src: IOID4VCIHolder_1.OID4VCIMachineServices.storeCredentialBranding,
+                    onDone: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.storeCredentials,
+                    },
+                    onError: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.handleError,
+                        actions: (0, xstate_1.assign)({
+                            error: (_ctx, _event) => ({
+                                title: (0, Localization_1.translate)('oid4vci_machine_store_credential_branding_error_title'),
+                                message: _event.data.message,
+                                stack: _event.data.stack,
+                            }),
+                        }),
+                    },
+                },
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.storeCredentials]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.storeCredentials,
+                invoke: {
+                    src: IOID4VCIHolder_1.OID4VCIMachineServices.storeCredentials,
+                    onDone: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.done,
+                    },
+                    onError: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.handleError,
+                        actions: (0, xstate_1.assign)({
+                            error: (_ctx, _event) => ({
+                                title: (0, Localization_1.translate)('oid4vci_machine_store_credential_error_title'),
+                                message: _event.data.message,
+                                stack: _event.data.stack,
+                            }),
+                        }),
+                    },
+                },
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.handleError]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.handleError,
+                on: {
+                    [IOID4VCIHolder_1.OID4VCIMachineEvents.NEXT]: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.error,
+                    },
+                    [IOID4VCIHolder_1.OID4VCIMachineEvents.PREVIOUS]: {
+                        target: IOID4VCIHolder_1.OID4VCIMachineStates.error,
+                    },
+                },
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.aborted]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.aborted,
+                type: 'final',
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.declined]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.declined,
+                type: 'final',
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.error]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.error,
+                type: 'final',
+            },
+            [IOID4VCIHolder_1.OID4VCIMachineStates.done]: {
+                id: IOID4VCIHolder_1.OID4VCIMachineStates.done,
+                type: 'final',
+            },
+        },
+    });
+};
+class OID4VCIMachine {
+    static newInstance(opts, context) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const interpreter = (0, xstate_1.interpret)(createOID4VCIMachine(opts).withConfig({
+                services: Object.assign({}, opts === null || opts === void 0 ? void 0 : opts.services),
+                guards: Object.assign({ oid4vciHasNoContactGuard,
+                    oid4vciCredentialsToSelectRequiredGuard,
+                    oid4vciRequirePinGuard,
+                    oid4vciHasNoContactIdentityGuard,
+                    oid4vciVerificationCodeGuard,
+                    oid4vciHasContactGuard,
+                    oid4vciCreateContactGuard,
+                    oid4vciHasSelectedCredentialsGuard,
+                    oid4vciRequireAuthorizationGuard,
+                    oid4vciNoAuthorizationGuard,
+                    oid4vciHasAuthorizationResponse,
+                    oid4vciIsOIDFOriginGuard,
+                    oid4vciContactHasLowTrustGuard,
+                    oid4vciIsFirstPartyApplication }, opts === null || opts === void 0 ? void 0 : opts.guards),
+            }));
+            if (typeof (opts === null || opts === void 0 ? void 0 : opts.subscription) === 'function') {
+                interpreter.onTransition(opts.subscription);
+            }
+            if ((opts === null || opts === void 0 ? void 0 : opts.requireCustomNavigationHook) !== true) {
+                if (typeof (opts === null || opts === void 0 ? void 0 : opts.stateNavigationListener) === 'function') {
+                    interpreter.onTransition((snapshot) => {
+                        if (opts === null || opts === void 0 ? void 0 : opts.stateNavigationListener) {
+                            opts.stateNavigationListener(interpreter, snapshot);
+                        }
+                    });
+                }
+            }
+            return { interpreter };
+        });
+    }
+}
+exports.OID4VCIMachine = OID4VCIMachine;
+//# sourceMappingURL=oid4vciMachine.js.map